
Wireshark workshop notes

[Handwritten notes on this page are mostly illegible in the scan. Legible fragments: model, layer protocol; with Wireshark, all devices on the network (PC and router) can observe each other's data; sniffing is listening to, monitoring or observing packets across the entire transmission.]
WIRESHARK LAB EXERCISE
OBJECTIVE
In telecommunication engineering, having a good understanding of each data segment, packet, and frame generated
from computers is essential. This knowledge can help engineers design new systems, optimize existing systems, and
fix bugs. Various applications can analyze these data flows, and Wireshark is a popular and feature-rich open-source
application. The objective of this lab session is to provide an introduction to the software and teach the basic
functionalities of Wireshark.
EQUIPMENT YOU NEED
• Wireshark 4.0.0 or greater version installed.
PART1: SNIFFING OWN COMPUTER TRAFFIC
In this part of the lab session, you will employ Wireshark to monitor network layer traffic. The Wireshark application
will facilitate the capturing of all data transmitted between your personal computer and router. During this exercise,
you will acquire the necessary knowledge and skills to capture network layer traffic and analyze data through basic
Wireshark software features.
TASK 1.1
Start the Wireshark application, choose the interface to capture on, and start sniffing. While Wireshark sniffs data in the background, do the following:
1. Visit www.google.com using your browser.
2. Ping www.youtube.com using the CMD/Terminal.
3. Visit http://testhtml5.vulnweb.com and click on Login. Then use a random username and password to log in.
IMPORTANT: Do not use a real username/password for the above task. Enter random credentials.
Now you can stop sniffing. Save your sniffed packets using your index. (task1_xxxxxx.pcap)
TASK 1.2
1. Using the captured trace, find the IP address of the Google server.
IP Address: 74.125.18.103 (ICMP protocol)
2. Save that specific single packet you used to find the IP address using your index. (google_ip_xxxxxx.pcap)
3. Filter out the packets related to the ping operation and save only those packets using your index. (ping_xxxxxx.pcap)
4. State the time when the last ping response arrived.
Time: Apr 6, 2023 14:18:38.961610000 +0530
5. You entered credentials to vulnweb in Task 1.1. Usually these credentials are passed using the POST method. State the filter you would use to narrow down the traffic to only HTTP packets which have POST requests.
Display Filter: http.request.method == "POST"
6. Find out the credentials you entered in the captured packets. Get a screenshot of the way that you find the credentials.
7. Use a conversation filter to filter all the traffic between you and vulnweb and save only those packets using your index. (vulnweb_xxxxxx.pcap)
TASK 1.3
In practical situations and industry, it may not be feasible to capture all data transmitted through the router due to
factors such as high file size or potential personal data privacy concerns. These limitations may become apparent
during the preceding two tasks. In addressing this issue, Wireshark offers a solution through the utilization of capture
filters.
NOTE: You can use the telnet command in the format below to connect to a server at a specific port.
telnet <IP> <PORT>
1. Use a capture filter to capture only the packets sent to port 443 and start sniffing data.
Capture filter: port 443
2. Use telnet to connect to your router at port 443.
3. Filter out the packets related to this event. Get a screenshot of the filtered data and explain the packets you see in Wireshark.
Screen Shot of the traffic.
Explanation: Ack 1 means acknowledged.
4. Use telnet to connect to <IP> at port 443 and repeat step 3.
Screen Shot of the traffic.
Explanation
PART 2: USE PORT MIRRORING TO CAPTURE ROUTER DATA
Following Task 1, you will now leverage the knowledge gained to examine a larger data trace. This trace was obtained
using port mirroring technology, which enables the capture of all traffic flowing through the router.
TASK 2.1
Use ARP packets to get the MAC address of the following IP addresses:
IP address       MAC Address
192.168.1.1      14:cc:20:51:33:ea
192.168.1.249    00:16:6c:a1:66:88
192.168.1.166    00:24:24:11:18:98
TASK 2.2
Use Wireshark statistics to answer the following questions.
1. What percentage of packets use IPv4?
Percentage: 85.4%
2. What percentage of packets are ARP?
Percentage: 11.7%
3. Insert a screenshot of the flow graph between 192.168.1.223 and 192.168.1.193.
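As an added example, not part of the lab handout: a small pure-Python pcap reader that answers Task 2.1 (IP to MAC from the sender fields of ARP frames) and Task 2.2 (share of IPv4 and ARP frames) without the Wireshark GUI. It runs against a constructed ten-frame capture with placeholder MAC addresses; the function names (arp_table, protocol_percentages, build_pcap) are the example's own.

```python
import socket, struct

ETH_IPV4, ETH_ARP = b"\x08\x00", b"\x08\x06"  # EtherType fields as they appear on the wire

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def eth_frame(dst, src, ethertype, payload):
    """Ethernet II frame; MACs given as 'aa:bb:cc:dd:ee:ff' strings."""
    return mac_bytes(dst) + mac_bytes(src) + ethertype + payload

def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """ARP reply (opcode 2) for Ethernet/IPv4; Task 2.1 reads the sender fields."""
    hdr = b"\x00\x01" + ETH_IPV4 + b"\x06\x04\x00\x02"  # htype, ptype, hlen, plen, opcode
    return (hdr + mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
            + mac_bytes(target_mac) + socket.inet_aton(target_ip))

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1680770000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Return the raw frames of a classic pcap (same byte order as build_pcap)."""
    assert struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4, "classic little-endian pcap only"
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def arp_table(frames):
    """Task 2.1: IP -> MAC learned from the sender fields of every ARP frame."""
    return {socket.inet_ntoa(f[28:32]): ":".join(f"{b:02x}" for b in f[22:28])
            for f in frames if f[12:14] == ETH_ARP}

def protocol_percentages(frames):
    """Task 2.2: percentage of frames carrying IPv4 and ARP, as Wireshark's statistics report it."""
    share = lambda et: round(100 * sum(f[12:14] == et for f in frames) / len(frames), 1)
    return {"IPv4": share(ETH_IPV4), "ARP": share(ETH_ARP)}

# Constructed sample capture (placeholder MACs): 8 IPv4 frames and 2 ARP replies.
ROUTER, CAM, PC = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE_PCAP = build_pcap(
    [eth_frame(ROUTER, PC, ETH_IPV4, b"\x45" + bytes(19))] * 8
    + [eth_frame(PC, ROUTER, ETH_ARP, arp_reply(ROUTER, "192.168.1.1", PC, "192.168.1.166")),
       eth_frame(PC, CAM, ETH_ARP, arp_reply(CAM, "192.168.1.249", PC, "192.168.1.166"))])
```

Running `arp_table(parse_pcap(SAMPLE_PCAP))` on a real port-mirrored trace saved from Wireshark fills in the Task 2.1 table directly; note that a pcapng file (Wireshark's default format) must be saved as classic pcap first.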